Re: Milrotik router vulnerability

I see this was posted back in March and after reading the linked forum information where it appears firmware was being overwritten remotely the recently released and named VPNFilter Botnet seems to fit the bill?

It seems it could be an issue for many as many Modem/router vendors are slow to update their products (if at all). Those of us who use ISP supplied equipment are left to whatever they choose to do.

The most recent one to come to light is particularly worrying as it appears that anyone with remote management access could download the internal user database from a router without authentication, and that this database contains plaintext passwords!

At least Mikrotik are fairly proactive in fixing issues which appear, unlike some other large router manufacturers, although this latest issue is made worse by poor historic design decisions.

As ever defense-in-depth is a good idea - disable unused services, restrict access to those needed with access control lists and VPNs.

Re: Milrotik router vulnerability

It was interesting to read the link on the opening post on this thread as issues started to come to light with Mikrotik models. As from what I have read the researchers kept this under wraps until now. For those that weren't in the know I should imagine the story's release has made some sense.

Re: Milrotik router vulnerability

The point I'm making here is that a company which claims to have expertise in a particular product, in network security and even a Cyber Essentials certification really should have updated its own routers. Keeping things patched is a requirement of Cyber Essentials.

They're not even slightly out of date. The affected router runs a version of RouterOS that is forty eight versions out of date - and was released in July 2015. I would imagine that it's running the version if was when it came out of the box.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat